216.73.217.64

CVE-2026-46413

· Published 10/07/2026 00:17 · Author: The MITRE Corporation

Labels: CVE-2026-46413

Essential information

Published
10/07/2026 00:17
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CWE-862
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS metrics

Description

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, regular users could route direct S3 multipart uploads through ExternalUploadManager into the admin backup store. This issue is fixed in versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5.

NVD status

NVD
View on NVD